secure random number generation

Description

Currently, random values are generated using CL:RANDOM function. This is far from cryptographically secure. Spec refers to ​RFC 1750 Randomness Recommendations for Security; these recommendations should be implemented, as a separate library, and this library should be used for generating random numbers.

The current implementation is not pure-lisp, it reuses OpenSSL random number generator (via cl+ssl). Pure-lisp library would be better probably, but the OpenSSL way was the simpler. Implementing a pure lisp secure random number generator not only requires the RNG algorithm coding; the most expensive part will be gathering a truly unguessable initial state for the generator. OpenSSL does this from a platform specific service, like /dev/random, Windows Crypto API, Entropy Gathering Daemon, etc. The secure-random interface hides the implementation details, so when (and if) it will be reimplemented in lisp, the cl-openid code will not be affected.